this post was submitted on 30 Jun 2023
36 points (100.0% liked)

Privacy

787 readers
81 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
36
Best DNS for privacy? (discuss.tchncs.de)
submitted 1 year ago by fatcat@discuss.tchncs.de to c/privacy@lemmy.ml
45 comments fedilink hide all child comments
 

I read a bit about using a different DNS for Privacy and I think the best one should be quad9? Or is there anything better except self hosting a DNS?

you are viewing a single comment's thread
view the rest of the comments
[–] nachtigall@feddit.de 2 points 1 year ago (7 children)

The one from your ISP. Your ISP can see your traffic anyway, so you gain nothing by using a third-party DNS server.

[–] CrazyClown@lemmy.ca 6 points 1 year ago (1 children)

That’s not true at all. If you’re after the fastest DNS for loading / response times then the ISP DNS would be ideal. For privacy you’d want one that can offer ad and tracking protection like NextDNS.

[–] nachtigall@feddit.de 3 points 1 year ago (1 children)

Okay, maybe I got the question wrong. If you care about content blocking, then you are right (though I'd prefer self-hosted resolvers like pi-hole or AdGuard Home over third party resolvers).

[–] CrazyClown@lemmy.ca 2 points 1 year ago (1 children)

You can use pihole as your main resolver and NextDNS as your down stream resolver as well for layered protection. That’s what I do. Works well. NextDNS is free protection up to 300,000 queries a month. If you go over it just acts like any regular resolver. The paid plan is inexpensive too.

[–] nachtigall@feddit.de 2 points 1 year ago (1 children)

If you use the same or similar blocklist it does not provide additional protection though.

[–] CrazyClown@lemmy.ca 1 points 1 year ago

That’s true yes.

[–] norb@infosec.pub 2 points 1 year ago

HA! My ISP injects ads into search results with their DNS. No thanks!

[–] fatcat@discuss.tchncs.de 2 points 1 year ago (1 children)

As far as I read (I'm no expert!) they could check the SNI of the TLS handshake if they want. But using the DNS of the ISP is handing them the data right in a way they can analyze/use them very easily afaik?

Still learning about this topic!

[–] nachtigall@feddit.de 2 points 1 year ago (1 children)

They route your traffic, hence they can see all IP addresses you communicate with. With a reverse lookup you can then usually find out the address too.

load more comments (1 replies)
[–] Engywuck@lemmy.ml 1 points 1 year ago (1 children)

Even if you use DOH for upstream servers?

[–] nachtigall@feddit.de 1 points 1 year ago (1 children)

In the end it comes down to what your goals is. DOH indeed hides DNS queries from sniffers and your ISP, but the traffic between you and your destination is still visible for the ISP (unless you use a VPN or TOR).

If you only care about the content blocking aspect a third party resolver may make sense as @CrazyClown@lemmy.ca explained below.

[–] Engywuck@lemmy.ml 1 points 1 year ago

Yes, my question was just referred to DNS queries. Thank you for your reply.

[–] itchy_lizard@feddit.it 0 points 1 year ago (1 children)

Mt ISP can't see my traffic or my DNS lookups lol

[–] nachtigall@feddit.de 1 points 1 year ago (1 children)

Congrats but then you are using more than just another DNS resolver/different DNS technology.

[–] itchy_lizard@feddit.it 1 points 1 year ago

Yes, if you want privacy then you need a good VPN provider

load more comments (2 replies)